CVE-2008-1528
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
26/03/2008
Last modified:
09/04/2025
Description
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for (1) RemMagSNMP.html, which discloses SNMP communities; or (2) WLAN.html, which discloses WEP keys.
Impact
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:h:zyxel:prestige_660:h-d1:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zyxel:prestige_660:h-d3:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zyxel:prestige_661:hw-d1:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zyxel:zynos:3.40:agd.2:*:*:*:*:*:* | ||
| cpe:2.3:h:zyxel:zynos:3.40:agl.3:*:*:*:*:*:* | ||
| cpe:2.3:h:zyxel:zynos:3.40:ahq.0:*:*:*:*:*:* | ||
| cpe:2.3:h:zyxel:zynos:3.40:ahq.3:*:*:*:*:*:* | ||
| cpe:2.3:h:zyxel:zynos:3.40:ahz.0:*:*:*:*:*:* | ||
| cpe:2.3:h:zyxel:zynos:3.40:atm.0:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.gnucitizen.org/projects/router-hacking-challenge/
- http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf
- http://www.securityfocus.com/archive/1/489009/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41511
- http://www.gnucitizen.org/projects/router-hacking-challenge/
- http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf
- http://www.securityfocus.com/archive/1/489009/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41511